devel/cocogitto: update to 7.0.0
Features
5b3fbaa - (changelog) add support for GitHub specificgit trailers in changelog - @oknozor
94bbd56 - (verify) Add stdin support via --file - (#515) - Sangeeth Sudheer, Cursor, @oknozor
BREAKING b72dc7f - implement package resolver for monorepo - @oknozor
5d41a77 - use dependency resolver for workspace dep resolution - @oknozor
c39d205 - add cocogitto dependency resolver - @oknozor
460d1ff - make the repository a workspace - @oknozor
4ec1940 - Update name of cog.toml field - Jonathan Andrew
ac98431 - Consolidate pre-release CLI options - Jonathan Andrew
5391ec1 - Allow pre_pattern to be specified in cog.toml - Jonathan Andrew
a172168 - Add --auto-pre and --pre-pattern flags - Jonathan Andrew
fd4451e - Auto-increment pre-releases - Jonathan Andrew
Bug Fixes
11d0e05 - (commit) respect EDITOR variable with spaces on Windows - Ku6epXBOCTuK
[60 lines not shown]
textproc/rumdl: update to 0.1.38
## [0.1.38] - 2026-03-04
### Fixed
- **MD013**: Fixed reflow corrupting code blocks inside MkDocs admonitions
within list items — closing fences were merged with subsequent paragraph
text ([#485](https://github.com/rvben/rumdl/issues/485), reported by @sisp)
## [0.1.37] - 2026-03-04
### Fixed
- **MD013**: Resolve false positive for MkDocs 2-space list continuation
indents when using `semantic-line-breaks` reflow mode. Continuation lines
at the minimum indent were incorrectly flagged as needing reflow
([#484](https://github.com/rvben/rumdl/issues/484))
- **MD013**: Detect actual indent of text content for reflow output instead
[91 lines not shown]
py-pyspnego: updated to 0.12.1
0.12.1 - 2026-03-03
* Fix NTLM challenge parser when the `TargetInfo` contains extra data for `Single_Host_Data`
* Windows 11 24H2 is sending at least 80 bytes and as we don't use this data we don't care if it doesn't fit a specific size
rust: Improve RUST_TYPE documentation.
Include a note about RUSTUP_HOME which will need to be set if using rustup,
due to pkgsrc changing the HOME environment variable during build.
powerpc: count intr events on the correct cpu
The powerpc pic code doesn't support routing but an interrupt may fire
elsewhere (think IPIs). Instead of always reporting events on CPU 0,
record the last CPU index to handle the interrupt in struct intrsource
and use that when reporting affinity / event counters.
nintendo$ intrctl list
interrupt id CPU0 CPU1 CPU2 device name(s)
pi irq 20 4141* 0 0 IPI cpu0
pi irq 21 0 20949* 0 IPI cpu1
pi irq 22 0 0 16259* IPI cpu2
pi irq 14 29857* 0 0 latte
latte irq 70 19* 0 0 ahcisata0
latte irq 37 29* 0 0 ohci0
latte irq 38 40* 0 0 ohci1
latte irq 67 0* 0 0 ohci2
latte irq 69 2* 0 0 ohci3
latte irq 36 621* 0 0 ehci0
[5 lines not shown]
opentofu111: Import opentofu111-1.11.5 as wip/opentofu111
OpenTofu is an OSS tool for building, changing, and versioning
infrastructure safely and efficiently. OpenTofu can manage existing and
popular service providers as well as custom in-house solutions.
The key features of OpenTofu are:
* Infrastructure as Code: Infrastructure is described using a
high-level configuration syntax. This allows a blueprint of your
datacenter to be versioned and treated as you would any other code.
Additionally, infrastructure can be shared and re-used.
* Execution Plans: OpenTofu has a "planning" step where it generates
an execution plan. The execution plan shows what OpenTofu will do
when you call apply. This lets you avoid any surprises when
OpenTofu manipulates infrastructure.
* Resource Graph: OpenTofu builds a graph of all your resources, and
parallelizes the creation and modification of any non-dependent
resources. Because of this, OpenTofu builds infrastructure as
[9 lines not shown]
py-markdown2: updated to 2.5.5
2.5.5
Fix middle-word-em interfering with strongs
Fix code friendly extra stopping other syntax being processed
Fix a number of em/strong issues
Fix a number of safemode issues
Rewrite emphasis and strong processing to be more GFM compliant
Fix nested footnote references
Forbid square brackets in reference link IDs
py-uv py-uv-build: updated to 0.10.8
0.10.8
Python
Add CPython 3.10.20
Add CPython 3.11.15
Add CPython 3.12.13
Enhancements
Add Docker images based on Docker Hardened Images
Add resolver hint when --exclude-newer filters out all versions of a package
Configure a real retry minimum delay of 1s
Expand uv_build direct build compatibility
Fetch CPython from an Astral mirror by default
Download uv releases from an Astral mirror in installers by default
Add SBOM attestations to Docker images
[20 lines not shown]
nodejs: updated to 25.8.0
25.8.0
Notable Changes
- build, doc: use new api doc tooling (flakey5)
- (SEMVER-MINOR) sqlite: add limits property to DatabaseSync (Mert Can Altin)
- (SEMVER-MINOR) src: add C++ support for diagnostics channels (RafaelGSS)
- (SEMVER-MINOR) src,permission: add --permission-audit (RafaelGSS)
- (SEMVER-MINOR) test_runner: expose worker ID for concurrent test execution (Ali Hassan)
python310 py310-html-docs: updated to 3.10.20
Python 3.10.20
Security
gh-144125: BytesGenerator will now refuse to serialize (write) headers that are unsafely folded or delimited; see verify_generated_headers. (Contributed by Bas Bloemsaat and Petr Viktorin in gh-121650).
gh-143935: Fixed a bug in the folding of comments when flattening an email message using a modern email policy. Comments consisting of a very long sequence of non-foldable characters could trigger a forced line wrap that omitted the required leading space on the continuation line, causing the remainder of the comment to be interpreted as a new header field. This enabled header injection with carefully crafted inputs.
gh-143925: Reject control characters in data: URL media types.
gh-143919: Reject control characters in http.cookies.Morsel fields and values.
gh-143916: Reject C0 control characters within wsgiref.headers.Headers fields, values, and parameters.
gh-142145: Remove quadratic behavior in xml.minidom node ID cache clearing. In order to do this without breaking existing users, we also add the ownerDocument attribute to xml.dom.minidom elements and attributes created by directly instantiating the Element or Attr class. Note that this way of creating nodes is not supported; creator functions like xml.dom.Document.documentElement() should be used instead.
gh-137836: Add support of the “plaintext” element, RAWTEXT elements “xmp”, “iframe”, “noembed” and “noframes”, and optionally RAWTEXT element “noscript” in html.parser.HTMLParser.
gh-136063: email.message: ensure linear complexity for legacy HTTP parameters parsing. Patch by Bénédikt Tran.
gh-136065: Fix quadratic complexity in os.path.expandvars().
gh-119451: Fix a potential memory denial of service in the http.client module. When connecting to a malicious server, it could cause an arbitrary amount of memory to be allocated. This could have led to symptoms including a MemoryError, swapping, out of memory (OOM) killed processes or containers, or even system crashes.
gh-119452: Fix a potential memory denial of service in the http.server module. When a malicious user is connected to the CGI server on Windows, it could cause an arbitrary amount of memory to be allocated. This could have led to symptoms including a MemoryError, swapping, out of memory (OOM) killed processes or containers, or even system crashes.
gh-119342: Fix a potential memory denial of service in the plistlib module. When reading a Plist file received from untrusted source, it could cause an arbitrary amount of memory to be allocated. This could have led to symptoms including a MemoryError, swapping, out of memory (OOM) killed processes or containers, or even system crashes.
[10 lines not shown]
